Moscova. Jean-Jacques Lévy. March 23, INRIA Paris Rocquencourt
|
|
- Myron Stafford
- 5 years ago
- Views:
Transcription
1 Moscova Jean-Jacques Lévy INRIA Paris Rocquencourt March 23, 2011
2 Research team
3 Stats Staff Jean-Jacques Lévy, INRIA Karthikeyan Bhargavan, INRIA James Leifer, INRIA Luc Maranget, INRIA Francesco Zappa Nardelli, INRIA Ricardo Corin, INRIA Cordoba Gilles Peskine, INRIA Trusted logic Pierre-Malo Deniélou, INRIA Imperial College Jade Alglave, INRIA Oxford Nataliya Guts, MSR-INRIA Maryland Jérémy Planul, MSR-INRIA INRIA Rocquencourt MSR-INRIA Saclay (Cédric Fournet, MSRC) Moscova history: Para (1988, Head: Lévy), Moscova (2000, Head: Gonthier MSRC) 18 PhDs 75% Coq proof of the 4-color thm; debugging of 3 modules of Ariane-501 PV; spinoff of Polyspace [Alain Deutsch]; etc. Polytechnique (Lévy, prof ) MSR-INRIA Joint Centre (Head: Lévy)
4 Research themes
5 Research themes programming languages [safe marshalling, ott, like types] concurrency [jocaml, separation logic/c-minor/concurrency, weak memory models] security compilers and verifiers [secure sessions, audits, tls, information flow]
6 Research results
7 Example 1 Weak memory models memory models of multi-core processors give formal description of WMMs operational semantics of WMMs certified (back-end) compiler for some WMMs prove correctness of compiler optimisations in WMMs
8 Intel whitepaper (1/3) MP (message passing) [demo]
9 Intel whitepaper (2/3) SB (store buffers) [demo]
10 Intel whitepaper (3/3) WRC (write-to-read causality) [demo]
11 Event structures SB with SC (sequential consistency) In SC, program order is strictly respected. r1 = 1, r2 = 1 r1 = 1, r2 = 0 r1 = 0, r2 = 1 cyclic graph
12 Event structures SB with TSO (total store order) In TSO, W followed by R can be relaxed within program order r1 = 1, r2 = 1 r1 = 1, r2 = 0 r1 = 0, r2 = 1 r1 = 0, r2 = 0
13 Event structures MP with TSO/PSO (partial store order) In TSO, W followed by R relaxed r1 = 1, r2 = 0 Cyclic graph In PSO, W followed by W to distinct location relaxed r1 = 1, r2 = 0
14 Weak memory models axiomatic + operational models for Intel [ Cambridge] / Power [ INRIA] formalisation in HOL/Coq tests on real processor behaviour pes20/ppc-supplemental/ppc003.html formal proof of simple concurrent code (eg. Linux spinlocks) operational reasoning: data-race freedom, separation logic certified compiler for concurrent languages pes20/compcerttso [Zappa Nardelli, Maranget, Alglave, Braibant, Sewell et al] [POPL 09, CACM 10; DAMP 09, CAV 10, PLDI 11; TACAS 11; POPL 11]
15 Weak memory models Proving correctness of optimisations start start FENCE nop nop nop if ifso ifnot?? if ifso ifnot nop nop nop FENCE store return store return FENCE nop Fences elimination with TSO 3 klocoq
16 Example 2 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET
17 Example 2 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET
18 Example 2 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET
19 Simple exchange
20 Two-party negotiation
21 Three-party session
22 Visibility
23 No blind fork
24 Secure sessions passing authenticated (signed) values between 2 run-times design of a mini F# + primitives for authentication + global contract with sessions types compiling scheme into a low-level language ( pi-calculus) to describe authentication protocols formal proof of its correctness, with security property induced by strong typing of F# + usage of authentication primitives extension to other security properties, sessions V2 (privacy of message values, integrity, dynamic number of principals, etc) [Corin, Deniélou, Leifer, Fournet, Bhargavan] [JCS 08, TGC 07, CSF 09, Deniélou phd 11] F# = Ocaml modules +.NET
25 Example 3 Verified Crypto Protocol Implementations
26 Protocol Specifications in F7
27 Protocol Specifications in F7
28 TLS in F# [CCS 08, TOPLAS 10, APLAS 10, POPL 10, ESORICS 09, phd Guts 11]
29 Other works Acute type safed marshalling [Leifer, Peskine, Zappa Nardelli] OTT A semantics tool [Sewell, Zappa Nardelli] Scripting languages (Like types) [Zappa Nardelli] Jocaml (version 3; more portable, documentation) [Maranget, Mandel] Separation logic [Appel, Zappa Nardelli] Security through logs [Guts, Fournet, Zappa Nardelli] Information flow [Corin, Fournet, le Guernic, Planul, Rezk] Pattern-matching in Ocaml [Maranget]
30 Miscellaneous
31 Links Microsoft Research Cambridge through the MSR-INRIA Joint Centre Sewell et al at Cambridge, Computer Lab Indes, Celtique, PPS with ANR Parsec [Zappa Nardelli] Gallium for general discussion about programming languages Andrew Appel, Princeton Secsi, Cascade with ERC-Crysp [Bhargavan]
32 Software diy tool suite [Alglave, Maranget] OTT: a semantics tool [Sewell, Zappa Nardelli] CompCertTSO: certified compiler for TSO [Jagannathan, Sewell, Sevcik, Vafeiadis, Zappa Nardelli] S2ML FS2CV [Bhargavan, Corin, Deniélou] [Bhargavan, Corin, Zalinescu] F7 [Bhargavan] Jocaml [Maranget, Mandel] 5% Ocaml (pattern matching) [Maranget] Hévéa: an efficient translator of Tex into Html [Maranget]
33 Teaching MPRI (master course at Paris 7) [Zappa Nardelli, Leifer] École polytechnique [Maranget, Bhargavan,...Lévy ( )] lecture notes + web pages Entrance examination at Polytechnique [Maranget (4 years), Lévy (??-2009)] Bertinoro, IIT-Delhi, Tsinghua, etc.
34 Objectives for next years
35 Scientific goals Weak Memory Models ARM multi-core + xfer to industry automatic exploration of WMMs automatic synchronisation of programs certified compilation of C-like with C1x/C++0x WMM Security compilers and verifiers scalable tools to verify security of programs verified open source cryptographic libraries web applications with formal proofs of security
36 Organization INRIA
37 Organization INRIA
38 FIN 12 April 2011:
Moscova 07. Jean-Jacques Lévy. April 24, INRIA Rocquencourt
Moscova 07 Jean-Jacques Lévy INRIA Rocquencourt April 24, 2007 Research Part 1 Type-safe communication Acute communicating values of abstract data types and preserving abstraction between 2 distinct run-times;
More informationLe Centre de Recherche Commun INRIA-Microsoft Research
Le Centre de Recherche Commun INRIA-Microsoft Research Jean-Jacques Lévy INRIA Rocquencourt & MSR-INRIA Joint Centre ENST Mercredi 4 avril 2007 Plan 1 Context 2 Track A 3 Track B 4 Future Context INRIA
More informationFrom POPL to the Jungle and back
From POPL to the Jungle and back Peter Sewell University of Cambridge PLMW: the SIGPLAN Programming Languages Mentoring Workshop San Diego, January 2014 p.1 POPL 2014 41th ACM SIGPLAN-SIGACT Symposium
More informationthe MSR-INRIA Joint Centre Jean-Jacques Lévy June 2, 2008
the MSR-INRIA Joint Centre Jean-Jacques Lévy June 2, 2008 Plan 1. Context 2. Track A Math. Components Security TLA+ 3. Track B DDMF ReActivity Adaptative search Image & video mining Context Politics INRIA
More informationMSR-INRIA Joint Centre. Jean-Jacques Lévy June 3, 2009
MSR-INRIA Joint Centre Jean-Jacques Lévy June 3, 2009 Plan 1. Context 2. Track A Math. Components (G.Gonthier) Security (C. Fournet) TLA+ (D. Doligez) 3. Track B DDMF (Bruno Salvy) ReActivity (J.-D. Fekete,
More informationMulticore Programming Java Memory Model
p. 1 Multicore Programming Java Memory Model Peter Sewell Jaroslav Ševčík Tim Harris University of Cambridge MSR with thanks to Francesco Zappa Nardelli, Susmit Sarkar, Tom Ridge, Scott Owens, Magnus O.
More informationHigh-level languages
High-level languages High-level languages are not immune to these problems. Actually, the situation is even worse: the source language typically operates over mixed-size values (multi-word and bitfield);
More informationThe Semantics of x86-cc Multiprocessor Machine Code
The Semantics of x86-cc Multiprocessor Machine Code Susmit Sarkar Computer Laboratory University of Cambridge Joint work with: Peter Sewell, Scott Owens, Tom Ridge, Magnus Myreen (U.Cambridge) Francesco
More informationTaming release-acquire consistency
Taming release-acquire consistency Ori Lahav Nick Giannarakis Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) POPL 2016 Weak memory models Weak memory models provide formal sound semantics
More informationUnderstanding POWER multiprocessors
Understanding POWER multiprocessors Susmit Sarkar 1 Peter Sewell 1 Jade Alglave 2,3 Luc Maranget 3 Derek Williams 4 1 University of Cambridge 2 Oxford University 3 INRIA 4 IBM June 2011 Programming shared-memory
More informationPart 1. Shared memory: an elusive abstraction
Part 1. Shared memory: an elusive abstraction Francesco Zappa Nardelli INRIA Paris-Rocquencourt http://moscova.inria.fr/~zappa/projects/weakmemory Based on work done by or with Peter Sewell, Jaroslav Ševčík,
More informationHardware Memory Models: x86-tso
Hardware Memory Models: x86-tso John Mellor-Crummey Department of Computer Science Rice University johnmc@rice.edu COMP 522 Lecture 9 20 September 2016 Agenda So far hardware organization multithreading
More informationC++ Concurrency - Formalised
C++ Concurrency - Formalised Salomon Sickert Technische Universität München 26 th April 2013 Mutex Algorithms At most one thread is in the critical section at any time. 2 / 35 Dekker s Mutex Algorithm
More informationx86-tso: A Rigorous and Usable Programmer s Model for x86 Multiprocessors
x86-tso: A Rigorous and Usable Programmer s Model for x86 Multiprocessors Peter Sewell University of Cambridge Francesco Zappa Nardelli INRIA Susmit Sarkar University of Cambridge Magnus O. Myreen University
More informationReasoning between Programming Languages and Architectures
École normale supérieure Mémoire d habilitation à diriger des recherches Specialité Informatique Reasoning between Programming Languages and Architectures Francesco Zappa Nardelli Présenté aux rapporteurs
More informationC11 Compiler Mappings: Exploration, Verification, and Counterexamples
C11 Compiler Mappings: Exploration, Verification, and Counterexamples Yatin Manerkar Princeton University manerkar@princeton.edu http://check.cs.princeton.edu November 22 nd, 2016 1 Compilers Must Uphold
More informationRTLCheck: Verifying the Memory Consistency of RTL Designs
RTLCheck: Verifying the Memory Consistency of RTL Designs Yatin A. Manerkar, Daniel Lustig*, Margaret Martonosi, and Michael Pellauer* Princeton University *NVIDIA MICRO-50 http://check.cs.princeton.edu/
More informationRelaxed Memory: The Specification Design Space
Relaxed Memory: The Specification Design Space Mark Batty University of Cambridge Fortran meeting, Delft, 25 June 2013 1 An ideal specification Unambiguous Easy to understand Sound w.r.t. experimentally
More informationFormal Specification of RISC-V Systems Instructions
Formal Specification of RISC-V Systems Instructions Arvind Andy Wright, Sizhuo Zhang, Thomas Bourgeat, Murali Vijayaraghavan Computer Science and Artificial Intelligence Lab. MIT RISC-V Workshop, MIT,
More informationMechanised industrial concurrency specification: C/C++ and GPUs. Mark Batty University of Kent
Mechanised industrial concurrency specification: C/C++ and GPUs Mark Batty University of Kent It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient
More informationFrom Crypto to Code. Greg Morrisett
From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell ACL2/Coq/Agda Latex Powerpoint Someone else s Powerpoint 2 Cryptographic techniques Already ubiquitous: e.g., SSL/TLS
More informationOverhauling SC atomics in C11 and OpenCL
Overhauling SC atomics in C11 and OpenCL John Wickerson, Mark Batty, and Alastair F. Donaldson Imperial Concurrency Workshop July 2015 TL;DR The rules for sequentially-consistent atomic operations and
More informationProgram logics for relaxed consistency
Program logics for relaxed consistency UPMARC Summer School 2014 Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 1st Lecture, 28 July 2014 Outline Part I. Weak memory models 1. Intro
More informationCubicle-W: Parameterized Model Checking on Weak Memory
Cubicle-W: Parameterized Model Checking on Weak Memory Sylvain Conchon 1,2, David Declerck 1,2, and Fatiha Zaïdi 1 1 LRI (CNRS & Univ. Paris-Sud), Université Paris-Saclay, F-91405 Orsay 2 Inria, Université
More informationVerifying Fence Elimination Optimisations
Verifying Fence Elimination Optimisations Viktor Vafeiadis 1 and Francesco Zappa Nardelli 2 1 MPI-SWS 2 INRIA Abstract. We consider simple compiler optimisations for removing redundant memory fences in
More informationAn introduction to weak memory consistency and the out-of-thin-air problem
An introduction to weak memory consistency and the out-of-thin-air problem Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) CONCUR, 7 September 2017 Sequential consistency 2 Sequential
More informationSecure Compilation of a Multi-tier Web Language
Secure Compilation of a Multi-tier Web Language Ioannis G. Baltopoulos (ioannis.baltopoulos@cl.cam.ac.uk) The Rise and Rise of the Declarative Datacentre (R2D2) Tuesday, May 13, 2008 Joint work with Andrew
More informationCryptographically Sound Implementations for Typed Information-Flow Security
FormaCrypt, Nov 30. 2007 Cryptographically Sound Implementations for Typed Information-Flow Security Cédric Fournet Tamara Rezk Microsoft Research INRIA Joint Centre http://msr-inria.inria.fr/projects/sec/cflow
More informationWeak Memory Models: an Operational Theory
Opening Weak Memory Models: an Operational Theory INRIA Sophia Antipolis 9th June 2008 Background on weak memory models Memory models, what are they good for? Hardware optimizations Contract between hardware
More informationThe C/C++ Memory Model: Overview and Formalization
The C/C++ Memory Model: Overview and Formalization Mark Batty Jasmin Blanchette Scott Owens Susmit Sarkar Peter Sewell Tjark Weber Verification of Concurrent C Programs C11 / C++11 In 2011, new versions
More informationIdioms for Interaction: Functional Types, Process Types and Distributed Systems
Idioms for Interaction: Functional Types, Process Types and Distributed Systems http://mrg.doc.ic.ac.uk/ Nobuko Yoshida Imperial College London 1 Idioms for Interaction Multiparty Session Types Outline
More informationShow No Weakness: Sequentially Consistent Specifications of TSO Libraries
Show No Weakness: Sequentially Consistent Specifications of TSO Libraries Alexey Gotsman 1, Madanlal Musuvathi 2, and Hongseok Yang 3 1 IMDEA Software Institute 2 Microsoft Research 3 University of Oxford
More informationReasoning about the C/C++ weak memory model
Reasoning about the C/C++ weak memory model Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) 13 October 2014 Talk outline I. Introduction Weak memory models The C11 concurrency model
More informationIndustrial concurrency specification for C/C++ Mark Batty University of Kent
Industrial concurrency specification for C/C++ Mark Batty University of Kent It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient Write mechanised
More informationTurning proof assistants into programming assistants
Turning proof assistants into programming assistants ST Winter Meeting, 3 Feb 2015 Magnus Myréen Why? Why combine proof- and programming assistants? Why proofs? Testing cannot show absence of bugs. Some
More informationLoad-reserve / Store-conditional on POWER and ARM
Load-reserve / Store-conditional on POWER and ARM Peter Sewell (slides from Susmit Sarkar) 1 University of Cambridge June 2012 Correct implementations of C/C++ on hardware Can it be done?...on highly relaxed
More informationTHÈSE DE DOCTORAT de l Université de recherche Paris Sciences Lettres PSL Research University
THÈSE DE DOCTORAT de l Université de recherche Paris Sciences Lettres PSL Research University Préparée à l École normale supérieure Compiler Optimisations and Relaxed Memory Consistency Models ED 386 sciences
More informationCOMP Parallel Computing. CC-NUMA (2) Memory Consistency
COMP 633 - Parallel Computing Lecture 11 September 26, 2017 Memory Consistency Reading Patterson & Hennesey, Computer Architecture (2 nd Ed.) secn 8.6 a condensed treatment of consistency models Coherence
More informationSession Types and Multiparty Session Types. Nobuko Yoshida Imperial College London
Session Types and Multiparty Session Types Nobuko Yoshida Imperial College London 1 Communication is Ubiquitous Internet, the WWW, Cloud Computing, the next-generation manycore chips, message-passing parallel
More informationFrom CryptoVerif Specifications to Computationally Secure Implementations of Protocols
From CryptoVerif Specifications to Computationally Secure Implementations of Protocols Bruno Blanchet and David Cadé INRIA, École Normale Supérieure, CNRS, Paris April 2012 Bruno Blanchet and David Cadé
More informationConstructing a Weak Memory Model
Constructing a Weak Memory Model Sizhuo Zhang 1, Muralidaran Vijayaraghavan 1, Andrew Wright 1, Mehdi Alipour 2, Arvind 1 1 MIT CSAIL 2 Uppsala University ISCA 2018, Los Angeles, CA 06/04/2018 1 The Specter
More informationRelaxed Memory Consistency
Relaxed Memory Consistency Jinkyu Jeong (jinkyu@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu SSE3054: Multicore Systems, Spring 2017, Jinkyu Jeong (jinkyu@skku.edu)
More informationParallel Computer Architecture Spring Memory Consistency. Nikos Bellas
Parallel Computer Architecture Spring 2018 Memory Consistency Nikos Bellas Computer and Communications Engineering Department University of Thessaly Parallel Computer Architecture 1 Coherence vs Consistency
More informationOverview: Memory Consistency
Overview: Memory Consistency the ordering of memory operations basic definitions; sequential consistency comparison with cache coherency relaxing memory consistency write buffers the total store ordering
More informationWritten Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming
Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming Nicolas Bettenburg 1 Universitaet des Saarlandes, D-66041 Saarbruecken, nicbet@studcs.uni-sb.de Abstract. As traditional
More informationPattern-based Synthesis of Synchronization for the C++ Memory Model
Pattern-based Synthesis of Synchronization for the C++ Memory Model Yuri Meshman Technion Noam Rinetzky Tel Aviv University Eran Yahav Technion Abstract We address the problem of synthesizing efficient
More informationSharing in the weak lambda-calculus
Sharing in the weak lambda-calculus Tomasz Blanc Jean-Jacques Lévy Luc Maranget INRIA Rocquencourt Dec 19, 2005 Sharing in the weak lambda-calculus Tomasz Blanc Jean-Jacques Lévy Luc Maranget INRIA Rocquencourt
More information*the Everest VERified End-to-end Secure Transport. Verified Secure Implementations for the HTTPS Ecosystem mitls & Everest*
*the Everest VERified End-to-end Secure Transport Verified Secure Implementations for the HTTPS Ecosystem mitls & Everest* Edge Clients Services & Applications curl WebKit Skype IIS Apache HTTPS Ecosystem
More informationA NEW PROOF-ASSISTANT THAT REVISITS HOMOTOPY TYPE THEORY THE THEORETICAL FOUNDATIONS OF COQ USING NICOLAS TABAREAU
COQHOTT A NEW PROOF-ASSISTANT THAT REVISITS THE THEORETICAL FOUNDATIONS OF COQ USING HOMOTOPY TYPE THEORY NICOLAS TABAREAU The CoqHoTT project Design and implement a brand-new proof assistant by revisiting
More informationSecure Distributed Computa2ons (and their Proofs)
Secure Distributed Computa2ons (and their Proofs) Pedro Adao Gilles Barthe Ricardo Corin Pierre- Malo Deniélou Gurvan le Guernic Nataliya Guts Eugen Zalinescu San2ago Zanella Béguelin Karthik Bhargavan
More informationRELAXED CONSISTENCY 1
RELAXED CONSISTENCY 1 RELAXED CONSISTENCY Relaxed Consistency is a catch-all term for any MCM weaker than TSO GPUs have relaxed consistency (probably) 2 XC AXIOMS TABLE 5.5: XC Ordering Rules. An X Denotes
More informationFormal C semantics: CompCert and the C standard
Formal C semantics: CompCert and the C standard Robbert Krebbers 1, Xavier Leroy 2, and Freek Wiedijk 1 1 ICIS, Radboud University Nijmegen, The Netherlands 2 Inria Paris-Rocquencourt, France Abstract.
More informationIntroduction to Functional Programming in OCaml
Introduction to Functional Programming in OCaml Roberto Di Cosmo, Yann Régis-Gianas, Ralf Treinen Week 0 - Sequence 3: Why OCaml : voices from the user base Who uses the OCaml language? Teaching France:
More informationDeclarative semantics for concurrency. 28 August 2017
Declarative semantics for concurrency Ori Lahav Viktor Vafeiadis 28 August 2017 An alternative way of defining the semantics 2 Declarative/axiomatic concurrency semantics Define the notion of a program
More informationSafe Reactive Programming: the FunLoft Proposal
Safe Reactive Programming: the FunLoft Proposal Frédéric Boussinot MIMOSA Project, Inria Sophia-Antipolis (Joint work with Frédéric Dabrowski) http://www.inria.fr/mimosa/rp With support from ALIDECS SYNCHRON
More informationThe automatic security protocol verifier ProVerif
The automatic security protocol verifier ProVerif Bruno Blanchet CNRS, École Normale Supérieure, INRIA, Paris June 2010 Bruno Blanchet (CNRS, ENS, INRIA) ProVerif June 2010 1 / 43 Introduction Many techniques
More informationDesigning Memory Consistency Models for. Shared-Memory Multiprocessors. Sarita V. Adve
Designing Memory Consistency Models for Shared-Memory Multiprocessors Sarita V. Adve Computer Sciences Department University of Wisconsin-Madison The Big Picture Assumptions Parallel processing important
More informationOCaml for MultiCore. Deuxième réunion du GDR GPL/LTP. LACL / Université Paris XII 21 Octobre 2009
OC4MC OCaml for MultiCore Deuxième réunion du GDR GPL/LTP LACL / Université Paris XII 21 Octobre 2009 Mathias Bourgoin, Adrien Jonquet Benjamin Canou, Philippe Wang Emmanuel Chailloux 1 project timeline
More informationA messy state of the union:
A messy state of the union: Taming the Composite State Machines of TLS http://smacktls.com Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo
More informationSymmetric Multiprocessors: Synchronization and Sequential Consistency
Constructive Computer Architecture Symmetric Multiprocessors: Synchronization and Sequential Consistency Arvind Computer Science & Artificial Intelligence Lab. Massachusetts Institute of Technology November
More informationToken-Passing Nets: Call-by-Need for Free
Electronic Notes in Theoretical Computer Science 135 (2006) 129 139 www.elsevier.com/locate/entcs Token-Passing Nets: Call-by-Need for Free François-Régis Sinot 1,2 LIX, Ecole Polytechnique, 91128 Palaiseau,
More informationCompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency
CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency JAROSLAV ŠEVČÍK, University of Cambridge VIKTOR VAFEIADIS, MPI-SWS FRANCESCO ZAPPA NARDELLI, INRIA SURESH JAGANNATHAN, Purdue University
More informationThe Java Memory Model: a Formal Explanation 1
The Java Memory Model: a Formal Explanation 1 M. Huisman 2 G. Petri 3 INRIA Sophia Antipolis, France Abstract This paper discusses the new Java Memory Model (JMM), introduced for Java 1.5. The JMM specifies
More informationType systems. Types in access control and privacy. Outline. 1. Dynamic Web Data. p-calculus Dp XDp
Type systems Types in access control and privacy Silvia Ghilezan University of Novi Sad NII Shonan Meeting 069 LOGIC AND VERIFICATION METHODS IN SECURITY AND PRIVACY October 26-29, 2015 Types have gained
More informationOutlawing Ghosts: Avoiding Out-of-Thin-Air Results
Outlawing Ghosts: Avoiding Out-of-Thin-Air Results Hans-J. Boehm Google, Inc. hboehm@google.com Brian Demsky UC Irvine bdemsky@uci.edu Abstract It is very difficult to define a programming language memory
More informationTSO-CC: Consistency-directed Coherence for TSO. Vijay Nagarajan
TSO-CC: Consistency-directed Coherence for TSO Vijay Nagarajan 1 People Marco Elver (Edinburgh) Bharghava Rajaram (Edinburgh) Changhui Lin (Samsung) Rajiv Gupta (UCR) Susmit Sarkar (St Andrews) 2 Multicores
More informationBeyond Sequential Consistency: Relaxed Memory Models
1 Beyond Sequential Consistency: Relaxed Memory Models Computer Science and Artificial Intelligence Lab M.I.T. Based on the material prepared by and Krste Asanovic 2 Beyond Sequential Consistency: Relaxed
More informationCoq, a formal proof development environment combining logic and programming. Hugo Herbelin
Coq, a formal proof development environment combining logic and programming Hugo Herbelin 1 Coq in a nutshell (http://coq.inria.fr) A logical formalism that embeds an executable typed programming language:
More informationGPU Concurrency: Weak Behaviours and Programming Assumptions
GPU Concurrency: Weak Behaviours and Programming Assumptions Jyh-Jing Hwang, Yiren(Max) Lu 03/02/2017 Outline 1. Introduction 2. Weak behaviors examples 3. Test methodology 4. Proposed memory model 5.
More informationCompCertS: A Memory-Aware Verified C Compiler using Pointer as Integer Semantics
CompCertS: A Memory-Aware Verified C Compiler using Pointer as Integer Semantics Frédéric Besson 1, Sandrine Blazy 2, and Pierre Wilke 3 1 Inria, Rennes, France 2 Université Rennes 1 - CNRS - IRISA, Rennes,
More informationSECOMP Efficient Formally Secure Compilers to a Tagged Architecture. Cătălin Hrițcu INRIA Paris
SECOMP Efficient Formally Secure Compilers to a Tagged Architecture Cătălin Hrițcu INRIA Paris 1 SECOMP Efficient Formally Secure Compilers to a Tagged Architecture Cătălin Hrițcu INRIA Paris 5 year vision
More informationCMSC Computer Architecture Lecture 15: Memory Consistency and Synchronization. Prof. Yanjing Li University of Chicago
CMSC 22200 Computer Architecture Lecture 15: Memory Consistency and Synchronization Prof. Yanjing Li University of Chicago Administrative Stuff! Lab 5 (multi-core) " Basic requirements: out later today
More informationHow Formal Analysis and Verification Add Security to Blockchain-based Systems
Verification Add Security to Blockchain-based Systems January 26, 2017 (MIT Media Lab) Pindar Wong (VeriFi Ltd.) 2 Outline of this talk Security Definition of Blockchain-based system Technology and Security
More informationA CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency
A CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency JAROSLAV ŠEVČÍK, Microsoft VIKTOR VAFEIADIS, MPI-SWS FRANCESCO ZAPPA NARDELLI, INRIA SURESH JAGANNATHAN, Purdue University PETER SEWELL,
More informationVerified compilers. Guest lecture for Compiler Construction, Spring Magnus Myréen. Chalmers University of Technology
Guest lecture for Compiler Construction, Spring 2015 Verified compilers Magnus Myréen Chalmers University of Technology Mentions joint work with Ramana Kumar, Michael Norrish, Scott Owens and many more
More informationWeak memory models. Mai Thuong Tran. PMA Group, University of Oslo, Norway. 31 Oct. 2014
Weak memory models Mai Thuong Tran PMA Group, University of Oslo, Norway 31 Oct. 2014 Overview 1 Introduction Hardware architectures Compiler optimizations Sequential consistency 2 Weak memory models TSO
More informationX-86 Memory Consistency
X-86 Memory Consistency Andreas Betz University of Kaiserslautern a betz12@cs.uni-kl.de Abstract In recent years multiprocessors have become ubiquitous and with them the need for concurrent programming.
More informationPersonal & Trusted Cloud
Inria Saclay-IDF November 7th, 2016 Colloque Inria CAPPRIS Personal & Trusted Cloud Nicolas Anciaux, SMIS team, Inria Saclay-IDF/UVSQ Towards a personal and trusted cloud Current model wrt. management
More informationA better x86 memory model: x86-tso (extended version)
A better x86 memory model: x86-tso (extended version) Scott Owens Susmit Sarkar Peter Sewell University of Cambridge http://www.cl.cam.ac.uk/users/pes20/weakmemory March 25, 2009 Revision : 1746 Abstract
More informationTaming Release-Acquire Consistency
Taming Release-Acquire Consistency Ori Lahav Nick Giannarakis Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS), Germany {orilahav,nickgian,viktor}@mpi-sws.org * POPL * Artifact Consistent
More informationCSCI-GA Scripting Languages
CSCI-GA.3033.003 Scripting Languages 12/02/2013 OCaml 1 Acknowledgement The material on these slides is based on notes provided by Dexter Kozen. 2 About OCaml A functional programming language All computation
More informationUsing Relaxed Consistency Models
Using Relaxed Consistency Models CS&G discuss relaxed consistency models from two standpoints. The system specification, which tells how a consistency model works and what guarantees of ordering it provides.
More informationMemory Consistency Models. CSE 451 James Bornholt
Memory Consistency Models CSE 451 James Bornholt Memory consistency models The short version: Multiprocessors reorder memory operations in unintuitive, scary ways This behavior is necessary for performance
More informationStatic and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012
Static and User-Extensible Proof Checking Antonis Stampoulis Zhong Shao Yale University POPL 2012 Proof assistants are becoming popular in our community CompCert [Leroy et al.] sel4 [Klein et al.] Four-color
More informationMachine-checked proofs of program correctness
Machine-checked proofs of program correctness COS 326 Andrew W. Appel Princeton University slides copyright 2013-2015 David Walker and Andrew W. Appel In this course, you saw how to prove that functional
More informationMulticore Programming: C++0x
p. 1 Multicore Programming: C++0x Mark Batty University of Cambridge in collaboration with Scott Owens, Susmit Sarkar, Peter Sewell, Tjark Weber November, 2010 p. 2 C++0x: the next C++ Specified by the
More informationA Coq Framework For Verified Property-Based Testing (part of QuickChick)
A Coq Framework For Verified Property-Based Testing (part of QuickChick) Cătălin Hrițcu INRIA Paris-Rocquencourt (Prosecco team, Place d Italie office) Problem: proving in Coq is very costly My proofs
More informationDeductive Program Verification with Why3, Past and Future
Deductive Program Verification with Why3, Past and Future Claude Marché ProofInUse Kick-Off Day February 2nd, 2015 A bit of history 1999: Jean-Christophe Filliâtre s PhD Thesis Proof of imperative programs,
More informationMemory Consistency Models
Memory Consistency Models Contents of Lecture 3 The need for memory consistency models The uniprocessor model Sequential consistency Relaxed memory models Weak ordering Release consistency Jonas Skeppstedt
More informationAccord UDL-CSC École Doctorale Info-Maths
Accord UDL-CSC École Doctorale Info-Maths Titre du sujet de recherche : Programming language abstractions for the Internet of Things Laboratory / laboratoire : CITI-INRIA, Université de Lyon, INSA de Lyon
More informationDistributed Computing Based on Clean Dynamics
6 th International Conference on Applied Informatics Eger, Hungary, January 27 31, 2004. Distributed Computing Based on Clean Dynamics Hajnalka Hegedűs, Zoltán Horváth Department of Programming Languages
More informationA concrete memory model for CompCert
A concrete memory model for CompCert Frédéric Besson Sandrine Blazy Pierre Wilke Rennes, France P. Wilke A concrete memory model for CompCert 1 / 28 CompCert real-world C to ASM compiler used in industry
More informationStability in Weak Memory Models
Stability in Weak Memory Models Jade Alglave 1,2 and Luc Maranget 2 1 Oxford University 2 INRIA Abstract. Concurrent programs running on weak memory models exhibit relaxed behaviours, making them hard
More informationCan Seqlocks Get Along with Programming Language Memory Models?
Can Seqlocks Get Along with Programming Language Memory Models? Hans-J. Boehm HP Labs Hans-J. Boehm: Seqlocks 1 The setting Want fast reader-writer locks Locking in shared (read) mode allows concurrent
More informationNot-quite-so-broken TLS 1.3 mechanised conformance checking
Not-quite-so-broken TLS 1.3 mechanised conformance checking David Kaloper-Meršinjak University of Cambridge Hannes Mehnert University of Cambridge Abstract We present a set of tools to aid TLS 1.3 implementors,
More informationOutline. software testing: search bugs black-box and white-box testing static and dynamic testing
Outline 1 Verification Techniques software testing: search bugs black-box and white-box testing static and dynamic testing 2 Programming by Contract assert statements in Python using preconditions and
More informationFunctional Programming with Isabelle/HOL
Functional Programming with Isabelle/HOL = Isabelle λ β HOL α Florian Haftmann Technische Universität München January 2009 Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL
More informationAutomatic Verification of Remote Electronic Voting Protocols
Automatic Verification of Remote Electronic Voting Protocols Cătălin Hrițcu Saarland University, Saarbrücken, Germany Joint work with: Michael Backes and Matteo Maffei Microsoft Research Cambridge, July
More informationShared Memory Programming with OpenMP. Lecture 8: Memory model, flush and atomics
Shared Memory Programming with OpenMP Lecture 8: Memory model, flush and atomics Why do we need a memory model? On modern computers code is rarely executed in the same order as it was specified in the
More informationSound and Complete Reachability Analysis under PSO
IT 13 086 Examensarbete 15 hp November 2013 Sound and Complete Reachability Analysis under PSO Magnus Lång Institutionen för informationsteknologi Department of Information Technology Abstract Sound and
More information